mirror of
https://github.com/servo/servo
synced 2026-04-25 17:15:48 +02:00
daed36d4bf838c0a6a51dbf8687028b2a64ec942
55908 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Kingsley Yung
|
daed36d4bf |
script: Implement Sanitizer.get() method (#44452)
Implement the `Sanitizer.get()` method. Same as the previous patches on Sanitizer API, the steps related to processing instructions are marked as TODO. Support for process instructions was recently added to the specification, and we will implement it later when tests are ready. Testing: Covered by WPT tests in `sanitizer-api/sanitizer-get.tentative.html` Fixes: Part of #43948 Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev> |
||
|
Gae24
|
20e94989eb |
script: pass &mut JSContext inside worklet code (#44441)
Testing: It compiles Part of #40600 Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com> |
||
|
Taym Haddadi
|
353e5248f1 |
SharedWorker : script unblock shared worker common plumbing for SharedWorker (#44440)
part of https://github.com/servo/servo/issues/7458 Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com> |
||
|
Jonathan Schwender
|
d0b2337118 |
mozjs: Fix make 4.4 broken parallel compilation (#44346)
Companion PR to https://github.com/servo/mozjs/pull/735. This bumps mozjs to the latest version 0.15.9. The changes were reviewed in the linked PR. Testing: This changes behavior when using `make` 4.4 and compiling mozjs from source in CI. This path is not exercised in CI, since Ubuntu 24.04 still ships make 4.3. Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> |
||
|
dependabot[bot]
|
e611a186be |
build: bump typenum from 1.19.0 to 1.20.0 (#44451)
Bumps [typenum](https://github.com/paholg/typenum) from 1.19.0 to 1.20.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/paholg/typenum/releases">typenum's releases</a>.</em></p> <blockquote> <h2>v1.20.0</h2> <h2>Commits</h2> <ul> <li>77b877d: remove deprecated features, replace build script with pre-generated tests (<a href="https://redirect.github.com/paholg/typenum/issues/237">#237</a>) (Cathal) <a href="https://redirect.github.com/paholg/typenum/pull/237">#237</a></li> <li>4d5f26b: Add tuple operations (<a href="https://redirect.github.com/paholg/typenum/issues/242">#242</a>) (grenewode) <a href="https://redirect.github.com/paholg/typenum/pull/242">#242</a></li> <li>c755e2f: Version 1.20.0 (Paho Lurie-Gregg)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/paholg/typenum/blob/main/CHANGELOG.md">typenum's changelog</a>.</em></p> <blockquote> <h3>1.20.0 (2026-04-18)</h3> <ul> <li>[removed] Removed <code>no_std</code> feature flag (deprecated since 1.3.0)</li> <li>[removed] Removed <code>force_unix_path_separator</code> feature flag (deprecated since 1.17.0)</li> <li>[changed] Replaced <code>build.rs</code> script with pre-generated test files</li> <li>[added] Indexing into tuples</li> <li>[changed] MSRV now 1.41.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
82370a7cab |
build: bump clap from 4.6.0 to 4.6.1 (#44450)
Bumps [clap](https://github.com/clap-rs/clap) from 4.6.0 to 4.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.6.1</h2> <h2>[4.6.1] - 2026-04-15</h2> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Ensure rebuilds happen when an read env variable is changed</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.6.1] - 2026-04-15</h2> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Ensure rebuilds happen when an read env variable is changed</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1c4b0b57b8 |
build: bump rustls from 0.23.38 to 0.23.39 (#44448)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.38 to 0.23.39. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
609f50d680 |
build: bump pastey from 0.2.1 to 0.2.2 (#44447)
Bumps [pastey](https://github.com/as1100k/pastey) from 0.2.1 to 0.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/as1100k/pastey/releases">pastey's releases</a>.</em></p> <blockquote> <h2>v0.2.2</h2> <h2>What's Changed</h2> <ul> <li>Fix Rust 1.56 compatibility: Handle None-delimited groups in replace modifier in <a href="https://redirect.github.com/AS1100K/pastey/pull/25">AS1100K/pastey#25</a></li> <li>increase the code coverage by <a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> in <a href="https://redirect.github.com/AS1100K/pastey/pull/28">AS1100K/pastey#28</a></li> <li>add coverage on CI by <a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> in <a href="https://redirect.github.com/AS1100K/pastey/pull/30">AS1100K/pastey#30</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> made their first contribution in <a href="https://redirect.github.com/AS1100K/pastey/pull/28">AS1100K/pastey#28</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/AS1100K/pastey/blob/master/CHANGELOG.md#022---2026-04-23"><code>CHANGELOG.md</code></a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/AS1100K/pastey/blob/master/CHANGELOG.md">pastey's changelog</a>.</em></p> <blockquote> <h2>[0.2.2] - 2026-04-23</h2> <h3>Improved</h3> <ul> <li>Improved Code Coverage <a href="https://redirect.github.com/AS1100K/pastey/pull/28">#28</a>, <a href="https://redirect.github.com/AS1100K/pastey/pull/30">#30</a></li> </ul> <h3>Fixed</h3> <ul> <li>Rust 1.56 compatibility: Handling None-delimited groups in replace modifier <a href="https://redirect.github.com/AS1100K/pastey/pull/25">#25</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
412f98b9bb |
build: bump dbus from 0.9.10 to 0.9.11 (#44446)
Bumps [dbus](https://github.com/diwic/dbus-rs) from 0.9.10 to 0.9.11. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Simon Sapin
|
4535a7d7b5 |
script: Rewrite NodeList::ChildrenList with a cached Vec of nodes (#44435)
In DOM APIs, `Node.childNodes` is a `NodeList` that has an
`.item(index)` method that allows random access, but DOM nodes only
store pointers to their first/last child and next/previous sibling. The
previous implementation involved keeping a "last accessed" pointer, and
a significant amount of logic to find the requested index by walking
next/previous sibling pointers from whichever of last accessed, first
child, or last child is nearest. This logic sometimes incorrectly
assumed the (nullable) last accessed pointer to be present, causing a
panic in `Option::unwrap`.
Rather than try to fix that logic, this replaces entirely with the
approach suggested in #25206 and used [by
Firefox](https://searchfox.org/firefox-main/source/dom/base/nsChildContentList.h):
keep a cached `Vec` of pointers to all child nodes, created lazily when
needed, and invalidated whenever any part of it changes.
Testing: the first commit adds a failing WPT crashtest, the second
commit fixes it
Fixes: https://github.com/servo/servo/issues/25206
Fixes: https://github.com/servo/servo/issues/36764
---------
Signed-off-by: Simon Sapin <simon@igalia.com>
|
||
|
Martin Robinson
|
1528f31269 |
script: Add an initial implementation of the "focus update steps" (#44360)
This moves Servo closer to the focus parts of the HTML specification. The behavior should be the same as before, but now the code in `script` matches the structure of the specification. The main goal is to set us up for: - Firing focus events in the right order on nested documents - A proper implementation of the unfocusing steps. Testing: This should not change behavior so is covered by existing tests. Signed-off-by: Martin Robinson <mrobinson@fastmail.fm> Co-authored-by: Martin Robinson <mrobinson@fastmail.fm> |
||
|
Narfinger
|
c2b88ff7f5 |
media: Switch to workspace dependencies and minor cleanup (#44428)
This PR makes minor cleanup in the media crates: - Switch dependencies to workspace dependencies if they are already included in the main Cargo.toml - Switch from crate serde_derive to serde with feature flag derive. - Switch from the separate crate for OnceCell to the std provided LazyLock. - Update num_complex Testing: The only functional changes are either slight version bumps, the replacement to LazyLock which is conservative and the num_complex update which also shouldn't have any behavior changes. --------- Signed-off-by: Narfinger <Narfinger@users.noreply.github.com> |
||
|
Kingsley Yung
|
6934a65e5c |
script: Validate sanitizer configuration (#44421)
Implement sanitizer configuration validation algorithm, and complete the "set a configuration" algorithm. The steps related to processing instructions are marked as TODO. Support for process instructions was recently added to the specification, and we will implement it later when tests are ready. Specification: - https://wicg.github.io/sanitizer-api/#sanitizerconfig-valid - https://wicg.github.io/sanitizer-api/#sanitizer-set-a-configuration Testing: Covered by WPT tests in `sanitizer-api/sanitizer-config.tentative.html` Fixes: Part of #43948 --------- Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev> |
||
|
Euclid Ye
|
d46b0a9826 |
dependabot: Add rustls-webpki related group (#44429)
This should make #44415, #44418, #44419 work in one PR without conflict in the future. Testing: Will be tested in CI in future rounds of update. Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com> |
||
|
Tim van der Lippe
|
6de7311014 |
script: Add initial implementation of strikethrough command (#44410)
Part of #25005 Testing: WPT Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> |
||
|
dependabot[bot]
|
7007dc4346 |
build: bump rustls-webpki from 0.103.12 to 0.103.13 (#44419)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.12 to 0.103.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki/releases">rustls-webpki's releases</a>.</em></p> <blockquote> <h2>0.103.13</h2> <ul> <li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href="https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li> <li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href="https://redirect.github.com/rustls/webpki/pull/471">rustls/webpki#471</a>. This was a case missing in the fix for <a href="https://github.com/advisories/GHSA-965h-392x-2mh5">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li> </ul> <h2>What's Changed</h2> <ul> <li>Actually fail closed for URI matching against excluded subtrees by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/473">rustls/webpki#473</a></li> <li>Prepare 0.103.13 by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/474">rustls/webpki#474</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Euclid Ye
|
6592e8512b |
layout: Replace SVG base fragment rect conditionally to support viewBox (#44420)
As titled. Testing: Manually tested with multiple real websites with viewbox in svg. It looked terrible before, but now looking good! New passing in WPT. Partially addresses: #38985 --------- Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com> |
||
|
Jonathan Schwender
|
97c08a6f95 |
net: Optimize initial TLS connection (#44242)
By touching the crypto provider, we can force it to gather entropy. On my linux VM, that moved ~60ms off the critical path (using aws-lc-rs, but probably any other crypto provider would show similar behavior). On my Linux workstation it was around ~30ms. On Linux caching the rustls platform verifier cache optimizes another 50ms. On other platforms this will be cheaper, since only on some systems all certificates are read. It might make sense to explore caching the whole tlsconfig (for websockets), since it looks like we are just cloning the same components and then constructing a new tlsconfig, which would lead to the same effective component. But that needs more investigation. Testing: Doesn't change any visible behavior, covered by existing tests. --------- Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> |
||
|
Martin Robinson
|
09ef444d63 |
layout: Add placeholders for text carets after finishing a line (#44370)
Instead of readily adding a strut for text carets when processing a line break, wait until a line is finished. This allows placing a strut on the final line. In addition to fixing #41338 this will also make it possible to handle line breaks as a separate kind of text run item so that we can preserve shaping results between layouts. In addition, some changes are made in script to ensure that these placeholders are never placed for non-textual input elements. Testing: This change adds a Servo-specific WPT test. Caret rendering isn't specified. Fixes: #41338 Signed-off-by: Martin Robinson <mrobinson@igalia.com> |
||
|
Taym Haddadi
|
bdbbe641eb |
SharedWorker: Add SharedWorker and SharedWorkerGlobalScope WebIDL interfaces (#44375)
Testing: covered by WPT test. part of https://github.com/servo/servo/issues/7458 --------- Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com> |
||
|
dependabot[bot]
|
d995e90976 |
build: bump webpki-roots from 1.0.6 to 1.0.7 (#44418)
Bumps [webpki-roots](https://github.com/rustls/webpki-roots) from 1.0.6 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki-roots/releases">webpki-roots's releases</a>.</em></p> <blockquote> <h2>1.0.7</h2> <p>For their April 2026 root store changes, Mozilla has made more changes than usual:</p> <blockquote> <p>These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#74-root-ca-lifecycles">§7.4</a> (Root CA Lifecycles) and <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#753-transition-plan-for-existing-roots">§7.5.3</a> (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.</p> </blockquote> <p>This removes:</p> <ul> <li>CN=Certigna O=Dhimyotis</li> <li>CN=COMODO Certification Authority O=COMODO CA Limited</li> <li>CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA</li> <li>CN=GTS Root R2 O=Google Trust Services LLC</li> <li>CN=QuoVadis Root CA 2 O=QuoVadis Limited</li> <li>CN=QuoVadis Root CA 3 O=QuoVadis Limited</li> <li>CN=Secure Global CA O=SecureTrust Corporation</li> <li>CN=SecureTrust CA O=SecureTrust Corporation</li> <li>CN=SwissSign Gold CA - G2 O=SwissSign AG</li> <li>CN=TeliaSonera Root CA v1 O=TeliaSonera</li> <li>CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.</li> <li>O=certSIGN OU=certSIGN ROOT CA</li> </ul> <p>See <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/o1VliD70ctg/m/pY0JBzTlAQAJ?pli=1">their announcement</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/116">rustls/webpki-roots#116</a></li> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/117">rustls/webpki-roots#117</a></li> <li>Take semver-compatible updates by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/118">rustls/webpki-roots#118</a></li> <li>Prepare 1.0.7 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/120">rustls/webpki-roots#120</a></li> <li>Update dependencies by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/119">rustls/webpki-roots#119</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7">https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4d56440d4e |
build: bump bpaf from 0.9.24 to 0.9.25 (#44416)
Bumps [bpaf](https://github.com/pacak/bpaf) from 0.9.24 to 0.9.25. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pacak/bpaf/blob/master/Changelog.md">bpaf's changelog</a>.</em></p> <blockquote> <h2>bpaf [0.9.25] - 2026-04-15</h2> <ul> <li>Change rendering of an adjacent block in Markdown - this is no longer a <code>###</code> but a regular line item instead. Header messes up with generated navigation on some pages</li> <li><code>app_name</code> - parser that extracts the executable name</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/pacak/bpaf/commits/v0.9.25">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c75eea95c3 |
build: bump webpki-root-certs from 1.0.6 to 1.0.7 (#44415)
Bumps [webpki-root-certs](https://github.com/rustls/webpki-roots) from 1.0.6 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki-roots/releases">webpki-root-certs's releases</a>.</em></p> <blockquote> <h2>1.0.7</h2> <p>For their April 2026 root store changes, Mozilla has made more changes than usual:</p> <blockquote> <p>These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#74-root-ca-lifecycles">§7.4</a> (Root CA Lifecycles) and <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#753-transition-plan-for-existing-roots">§7.5.3</a> (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.</p> </blockquote> <p>This removes:</p> <ul> <li>CN=Certigna O=Dhimyotis</li> <li>CN=COMODO Certification Authority O=COMODO CA Limited</li> <li>CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA</li> <li>CN=GTS Root R2 O=Google Trust Services LLC</li> <li>CN=QuoVadis Root CA 2 O=QuoVadis Limited</li> <li>CN=QuoVadis Root CA 3 O=QuoVadis Limited</li> <li>CN=Secure Global CA O=SecureTrust Corporation</li> <li>CN=SecureTrust CA O=SecureTrust Corporation</li> <li>CN=SwissSign Gold CA - G2 O=SwissSign AG</li> <li>CN=TeliaSonera Root CA v1 O=TeliaSonera</li> <li>CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.</li> <li>O=certSIGN OU=certSIGN ROOT CA</li> </ul> <p>See <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/o1VliD70ctg/m/pY0JBzTlAQAJ?pli=1">their announcement</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/116">rustls/webpki-roots#116</a></li> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/117">rustls/webpki-roots#117</a></li> <li>Take semver-compatible updates by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/118">rustls/webpki-roots#118</a></li> <li>Prepare 1.0.7 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/120">rustls/webpki-roots#120</a></li> <li>Update dependencies by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/119">rustls/webpki-roots#119</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7">https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4322792c84 |
build: bump h2 from 0.4.12 to 0.4.13 (#44414)
Bumps [h2](https://github.com/hyperium/h2) from 0.4.12 to 0.4.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hyperium/h2/releases">h2's releases</a>.</em></p> <blockquote> <h2>v0.4.13</h2> <h2>What's Changed</h2> <ul> <li>Implement HTTP/2 informational responses (1xx) support by <a href="https://github.com/apu031"><code>@apu031</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/865">hyperium/h2#865</a></li> <li>fix: Unparent connection span by <a href="https://github.com/Jesse-Bakker"><code>@Jesse-Bakker</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/868">hyperium/h2#868</a></li> <li>fix: auto-release padding from DATA frames by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/869">hyperium/h2#869</a></li> <li>fix: do not assign capacity for pending streams by <a href="https://github.com/benjaminp"><code>@benjaminp</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/860">hyperium/h2#860</a></li> <li>perf: reduce huffman decode table size by <a href="https://github.com/ariaandika"><code>@ariaandika</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/871">hyperium/h2#871</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jesse-Bakker"><code>@Jesse-Bakker</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/868">hyperium/h2#868</a></li> <li><a href="https://github.com/ariaandika"><code>@ariaandika</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/871">hyperium/h2#871</a></li> <li><a href="https://github.com/apu031"><code>@apu031</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/865">hyperium/h2#865</a></li> <li><a href="https://github.com/benjaminp"><code>@benjaminp</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/860">hyperium/h2#860</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/hyperium/h2/compare/v0.4.12...v0.4.13">https://github.com/hyperium/h2/compare/v0.4.12...v0.4.13</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hyperium/h2/blob/master/CHANGELOG.md">h2's changelog</a>.</em></p> <blockquote> <h1>0.4.13 (January 5, 2026)</h1> <ul> <li>Add support for 1xx informational responses on client and server side.</li> <li>Fix auto-releasing of padding bytes of DATA frames for flow control windows.</li> <li>Fix to stop assigning capacity to pending streams which can't use it yet.</li> <li>Fix tracing to not grab the parent for the connection span.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a65769ae98 |
build: bump glslopt from 0.1.12 to 0.1.13 (#44413)
Bumps [glslopt](https://github.com/jamienicol/glslopt-rs) from 0.1.12 to 0.1.13. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jamienicol/glslopt-rs/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Martin Robinson
|
bec5a6ce37 |
layout: Simplify the way characters are iterated when segmeting text (#44400)
This is a minor adjustment from #44276 that makes the way characters are iterated easier to read. Testing: This should not change behavior so should be covered by existing tests. Signed-off-by: Martin Robinson <mrobinson@igalia.com> |
||
|
Tim van der Lippe
|
138e7be47e |
script: Achieve failure parity with other browsers for underline command (#44390)
With these changes, we now fail the minimum set of tests. That is to say: we don't fail any test that no other browser fails. All test failures therefore match at least 1 other browser. The one exception is the updated test expectation. That's because all browsers fail this test in the exact same way, hence updating the expectation. We fail it, since I don't know how browsers reach to that point. I think it's related to traversal of the contained children and the order that they are traversed in. Unfortunately my attempts at fixing that have not been fruitful, so leaving that one for now. Part of #25005 Testing: WPT --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com> Co-authored-by: Martin Robinson <martin@abandonedwig.info> |
||
|
Narfinger
|
617c9c0162 |
script: JSContextify dom/css partially (#44406)
This JSContextifies parts of dom/css directory. Testing: Compilation is the test. Signed-off-by: Narfinger <Narfinger@users.noreply.github.com> |
||
|
Narfinger
|
99899612cb |
net: Split ResourceTimings into separate file and create batch attribute setting (#44395)
ResourceFetchTimings are set throughout the methods in http_loader.rs. These methods are already very complicated, so having multiple times `context.timings.lock().set_attribute()` can be quite distracting to understanding. This introduces ResourceFetchTimingsContainer structure which has the lock inside and allows setting multiple attributes to clean up the code in http_loader. Testing: This is a refactor and does not change functionality. Signed-off-by: Narfinger <Narfinger@users.noreply.github.com> |
||
|
atbrakhi
|
f8c97cd609 |
devtools: Always pass ownPropertiesLength to devtools (#44369)
Always pass `ownPropertiesLength` to devtools Testing: All tests are passing Fixes: part of #39858 Signed-off-by: atbrakhi <atbrakhi@igalia.com> Co-authored-by: eri <eri@igalia.com> |
||
|
Manuel Rego
|
2cdbada97b |
Template for roadmap issues (#44398)
As discussed on [Zulip](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Roadmap/with/580266351), this is a new template for tracking roadmap issues. Testing: No needed, just a GitHub issue template. Signed-off-by: Manuel Rego Casasnovas <rego@igalia.com> |
||
|
Taym Haddadi
|
5ac8bf4db3 |
Implement StorageManager API (#43976)
Add the Storage Standard WebIDL for NavigatorStorage and StorageManager, wire navigator.storage on Window and Worker, and implement persisted(), persist(), and estimate(). Testing: covered by WP test. part of #39100 fixes #39101 --------- Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com> |
||
|
Shubham Gupta
|
d1e3e8080c |
script: Correctly apply resource timing buffer limit (#44228)
Strictly follow the [specs](https://w3c.github.io/resource-timing/#performance-can-add-resource-timing-entry) Also fires the performance resource timing earlier to match WPT expectations. Testing: More WPT tests Passed. --------- Signed-off-by: Shubham Gupta <shubham.gupta@chromium.org> |
||
|
Kingsley Yung
|
4a5fe14788 |
script: Canonicalization of sanitizer configuration (#44335)
Implement the canonicalization of sanitizer configuration, along with the canonicalization of element with attributes, element, attribute and name. They are implemented for the `SanitizerConfig`, `SanitizerElementWithAttributes`, `SanitizerElement` and `SanitizerAttribute`, through the `SantiizerConfigAlgorithm`, `Canonicalization` and `NameCanonicalization` trait. Note that, in the canonicalization of sanitizer configuration, the steps related to processing instructions are marked as TODO. The feature of supporting process instructions has just been added to the specification recently, and the WPT tests are not yet in place. We will add this support once the tests are ready. `SanitizerElementWithAttributes`, `SanitizerElement` and `SanitizerAttribute` are unions of string and dictionary. This makes accessing its member fields cumbersome. So, the `NameMember` and `AttributeMember` trait are added to provide helper function for them to reduce boilerplate code. Specification: - https://wicg.github.io/sanitizer-api/#sanitizer-canonicalize-the-configuration - https://wicg.github.io/sanitizer-api/#canonicalize-a-sanitizer-element-with-attributes - https://wicg.github.io/sanitizer-api/#canonicalize-a-sanitizer-element - https://wicg.github.io/sanitizer-api/#canonicalize-a-sanitizer-attribute - https://wicg.github.io/sanitizer-api/#canonicalize-a-sanitizer-name Testing: Covered by WPT tests in `sanitizer-api/` subdirectory. Fixes: Part of #43948 --------- Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev> |
||
|
dependabot[bot]
|
9ba9916bad |
build: bump aws-lc-rs from 1.16.2 to 1.16.3 (#44379)
Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.16.2 to 1.16.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-lc-rs/releases">aws-lc-rs's releases</a>.</em></p> <blockquote> <h2>aws-lc-rs v1.16.3</h2> <h2>What's Changed</h2> <ul> <li>Key length validation in <code>UnboundCipherKey::new()</code> now enforced at runtime by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1092">aws/aws-lc-rs#1092</a> <ul> <li>The documented error on key length mismatch was never actually checked. Streaming cipher constructors also relied on <code>debug_assert_eq!</code> which gets stripped in release builds — these are now runtime checks.</li> </ul> </li> <li>Support MSAN and TSAN sanitizer builds via <code>AWS_LC_SYS_SANITIZER</code> environment variable by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1100">aws/aws-lc-rs#1100</a> <ul> <li>Accepts <code>asan</code>, <code>msan</code>, or <code>tsan</code>. The existing <code>asan</code> feature flag continues to work.</li> </ul> </li> </ul> <h3>Build Improvements</h3> <ul> <li>Follow symlinks when classifying include directory entries by <a href="https://github.com/cmtm"><code>@cmtm</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1071">aws/aws-lc-rs#1071</a> <ul> <li>Fixes builds under Bazel (and other build systems) where source files in <code>CARGO_MANIFEST_DIR</code> are symlinks into a content-addressable store.</li> </ul> </li> <li>Improve clang-cl discovery for Windows ARM64 builds by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1060">aws/aws-lc-rs#1060</a> <ul> <li>The build script now discovers <code>clang-cl</code> inside Visual Studio installations rather than requiring it on <code>PATH</code>.</li> </ul> </li> <li>Fix Windows ARM64 FIPS build: pass correct architecture to <code>vcvarsall.bat</code> by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1075">aws/aws-lc-rs#1075</a></li> <li>Strip LTO flags from CFLAGS for FIPS builds by <a href="https://github.com/skmcgrail"><code>@skmcgrail</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1087">aws/aws-lc-rs#1087</a> <ul> <li>Build environments like RPM mock chroots (e.g. AL2023) that export <code>-flto=auto</code> in CFLAGS would break the FIPS delocator pipeline.</li> </ul> </li> <li>MSVC: Fix builtin swap intrinsic check to avoid link-time failures by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1086">aws/aws-lc-rs#1086</a></li> <li>MSVC: Add jitterentropy <code>src</code> subdirectory to include search path by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1085">aws/aws-lc-rs#1085</a></li> <li>MSVC: Use 8.3 short paths on Windows to avoid MAX_PATH limits by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1081">aws/aws-lc-rs#1081</a></li> </ul> <h3>Issues Being Closed</h3> <ul> <li>Clarify that build needs to run from VS Developer shell for Windows builds -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1056">aws/aws-lc-rs#1056</a></li> <li>Add MSAN (MemorySanitizer) support, matching existing ASAN support -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1077">aws/aws-lc-rs#1077</a></li> <li>aws-lc-sys fails to compile on iOS arm64 with Clang 15.0.7: undeclared ioctl in urandom.c -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1068">aws/aws-lc-rs#1068</a></li> </ul> <h2>Other Merged PRs</h2> <ul> <li>Prepare aws-lc-sys v0.39.1 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1080">aws/aws-lc-rs#1080</a></li> <li>Bump aws-lc-fips-sys to v0.13.14 by <a href="https://github.com/skmcgrail"><code>@skmcgrail</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1088">aws/aws-lc-rs#1088</a></li> <li>CI: Harden artifact workflows and update action versions by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1091">aws/aws-lc-rs#1091</a></li> <li>Bump actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1096">aws/aws-lc-rs#1096</a></li> <li>Bump actions/setup-go from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1095">aws/aws-lc-rs#1095</a></li> <li>Bump codecov/codecov-action from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1094">aws/aws-lc-rs#1094</a></li> <li>Prepare aws-lc-rs v1.16.3 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1098">aws/aws-lc-rs#1098</a></li> <li>Prepare aws-lc-sys v0.40.0 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1099">aws/aws-lc-rs#1099</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cmtm"><code>@cmtm</code></a> made their first contribution in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1071">aws/aws-lc-rs#1071</a></li> <li><a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> made their first contribution in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1086">aws/aws-lc-rs#1086</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/aws/aws-lc-rs/compare/v1.16.2...v1.16.3">https://github.com/aws/aws-lc-rs/compare/v1.16.2...v1.16.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
93e413093f |
build: bump tokio from 1.52.0 to 1.52.1 in the tokio-rs-related group (#44377)
Bumps the tokio-rs-related group with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.52.0 to 1.52.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.52.1</h2> <h1>1.52.1 (April 16th, 2026)</h1> <h2>Fixed</h2> <ul> <li>runtime: revert <a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a> to fix [a regression]<a href="https://redirect.github.com/tokio-rs/tokio/issues/8056">#8056</a> that causes <code>spawn_blocking</code> to hang (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8057">#8057</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7757">tokio-rs/tokio#7757</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8056">#8056</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8056">tokio-rs/tokio#8056</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8057">#8057</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8057">tokio-rs/tokio#8057</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c04dc7e77b |
build: bump uuid from 1.23.0 to 1.23.1 (#44380)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.23.0 to 1.23.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v1.23.1</h2> <h2>What's Changed</h2> <ul> <li>Remove deprecated <code>msrv</code> feature from wasm-bindgen dependency by <a href="https://github.com/guybedford"><code>@guybedford</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/877">uuid-rs/uuid#877</a></li> <li>fix: Timestamp::from_gregorian deprecation note by <a href="https://github.com/aznashwan"><code>@aznashwan</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/878">uuid-rs/uuid#878</a></li> <li>Prepare for 1.23.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/879">uuid-rs/uuid#879</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/guybedford"><code>@guybedford</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/877">uuid-rs/uuid#877</a></li> <li><a href="https://github.com/aznashwan"><code>@aznashwan</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/878">uuid-rs/uuid#878</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/v1.23.0...v1.23.1">https://github.com/uuid-rs/uuid/compare/v1.23.0...v1.23.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e33b20e445 |
build: bump orbclient from 0.3.51 to 0.3.53 (#44382)
Bumps orbclient from 0.3.51 to 0.3.53. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f41e1513d9 |
build: bump atomic_refcell from 0.1.13 to 0.1.14 (#44381)
Bumps [atomic_refcell](https://github.com/mozilla/atomic_refcell) from 0.1.13 to 0.1.14. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mozilla/atomic_refcell/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Simon Martin
|
d4a63f87ed |
webgl: Validate dimensions in TexImage3D properly with level (#44367)
The tex-3d-size-limit.html test verifies that TexImage3D errors out with gl.INVALID_VALUE if the width / height / depth parameters are greater than gl.MAX_3D_TEXTURE_SIZE / 2 ** level, in accordance with the mipmap levels definition. This patch adds this checks, and fixes a s/depth/level/ typo, and should stabilize tex-3d-size-limit.html: all its sub-tests will succeed until the first call to (not implemented) TexSubImage3D, that will end the test. It's still possible for the test to fail on environments where gl.MAX_3D_TEXTURE_SIZE is not 8192 (because the numbering of tests will be different), and this will have to be until we make all sub-tests pass, i.e. TexSubImage3D is implemented. Testing: A bunch of expected failures are removed. Fixes: https://github.com/servo/servo/issues/44280 Signed-off-by: Simon Martin <simon@nasilyan.com> |
||
|
Gae24
|
85eda69130 |
script: Complete script_module &mut JSContext migration (#44368)
Switch the remaining `SafeJSContext` usages to `&mut JSContext` inside script_module.rs Testing: It compiles. Part of #40600 --------- Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com> |
||
|
Tim van der Lippe
|
4184b11362 |
script: Iterate over correct collections when moving (#44347)
Several times, we first need to capture the relevant nodes, perform a step and then iterate over the nodes. Previously, we would iterate over it, but the iterator could have moved, hence we would jump over some nodes. Instead, capture these beforehand and then iterate over them. Also fixes the issue where text-decoration wasn't properly checked, since its a shorthand for 3 longhands. And a PropertyDeclarationBlock only has longhands. The two regressions are for tests that now generate the correct HTML, but their ranges are incorrectly moved from the `a` to the `b`. I went through the relevant algorithms and didn't spot the mistake. To keep on making babysteps towards a full implementation, I will tackle these in a follow-up. These algorithms are already difficult enough to reason about. Part of #25005 Testing: WPT Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> |
||
|
Freya Arbjerg
|
c14b7d66d0 |
devtools: Replace dead links in debugger.js (#44358)
This replaces dead firefox-source-docs.mozilla.org links in debugger.js Testing: Not relevant for comments Fixes: No issue Signed-off-by: Freya Arbjerg <git@arbjerg.dev> |
||
|
Nico Burns
|
2c91740059 |
Use our own http server for the webdriver server (#44338)
Helps with: https://github.com/servo/servo/issues/38776. Reduces total Servo crate count by 7 (977 -> 970). This PR simply: - Disables the `server` feature in the `webdriver` crate - Vendors the implementation of the server from the `webdriver` crate - Updates dependencies + fixes code to work with new versions Unfortunately `webdriver` depends on `http` even with the `server` feature disabled, so we still end up with duplicate versions of `http`. But at least the duplicate `hyper` is eliminated. Future work could change the implementation to e.g. move away from `warp` or similar. Testing: WPT tests use webdriver, so this should be exercised heavily by those tests. --------- Signed-off-by: Nico Burns <nico@nicoburns.com> |
||
|
Simon Wülker
|
18d3ad5252 |
script: Support shadowrootslotassignment on template elements (#44246)
This brings up to date with the specification for declarative shadow roots: https://github.com/whatwg/html/pull/12267. The `shadowrootslotassignment` attribute on `<template>` elements specifies the slot assignment mode used by the declarative shadow root created by the template. Testing: New tests start to pass --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> |
||
|
Euclid Ye
|
eea0c586c0 |
ci: Set LLVM_OBJDUMP env-var when compiling libservo with MSRV in linux (#44352)
[Sometimes](https://github.com/servo/servo/actions/runs/24611835766/job/71967504931#step:10:1076), CI fails to link pre-built archive, and have to build from source. Previously this always fail as llvm-objdump is not found. Testing: Successful [try run](https://github.com/yezhizhen/servo/actions/runs/24626909297) when building from source. Fixes: #44351 --------- Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com> |
||
|
Simon Martin
|
d5dab9e353 |
webgl: Update stable test expectations to close intermittent issue (#44344)
Since
|
||
|
Josh Matthews
|
4e267b2f09 |
net: Update expected Accept-Language header in tests to use current locale. (#44340)
Our choice is to either override the user's locale or updated the expected result to depend on the locale. Updating the expectation seemed easier. Testing: Unit tests pass locally, but CI runs with the en-US locale so there's no observable difference. Fixes: #43069 Signed-off-by: Josh Matthews <josh@joshmatthews.net> |
||
|
Servo WPT Sync
|
345fd4573f |
Sync WPT with upstream (19-04-2026) (#44339)
Automated downstream sync of changes from upstream as of 19-04-2026 [no-wpt-sync] Signed-off-by: WPT Sync Bot <ghbot+wpt-sync@servo.org> Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> |
||
|
Josh Matthews
|
19354a5b37 |
net: Update test cookie expiration dates to one century in the future. (#44341)
These dates were chosen 10 years ago, which I'm sure felt like a reasonably far-future date for a very young web engine. Surprise! We're still here, so we can be more bold this time. Testing: Unit tests stop failing. Signed-off-by: Josh Matthews <josh@joshmatthews.net> |